Debug Logging in Java Components

To enable debug logging in one of the Java components (connector, System Manager, or Central Logger), edit the process's command line in the WatchList.properties file to include the -Dcom.sun.directory.wps.flags.Flags.DBG=true flag, and restart the Identity Synchronization for Windows daemon (on Solaris) or service (on Windows). For example, debug
logging for the CNN101 Connector has been enabled in the following example.
The existing entry for the CNN101 Connector in the /var/opt/SUNWisw/resources/WatchList.properties file is shown here.

The idsync printstat command provides information
about the Connector ID and the installation location, which can be used to
find the correct entry in the WatchList.properties list.

In the following example, the command-line entry for this connector
has been edited to include the special debug option. It is safest to include
this option as the first option for the Virtual Machine for the Java Platform
(JVMTM tool interface).

After enabling this option, stop and start the Identity Synchronization for Windows daemon (on Solaris) or service (on Windows) so that the changes
take effect.

To prevent conflicts with Message Queue, wait 30 seconds after stopping
the Identity Synchronization for Windows daemon or service before restarting it. When the process
starts, it will write three new logs, logs/CNN101/debug.log, logs/CNN101/debugErrors.log,
and ogs/CNN101/resyncDebug.log.

debug.log— Includes all debug log messages,
as well as all log messages from the audit log file.

debugErrors.log— Includes all debug,
warning, and error messages, as well as all messages from the error log file.

resyncDebug.log— Includes all resynchronization
log messages that are normally only sent to the central log.

Enabling debug logging has an impact on performance and security. Debug
logging can generate trace-level information that consumes more disk space
than audit logs, requiring additional processor cycles that can reduce throughput.
Although no sensitive information is ever written to the audit log, the debug
log might include sensitive information such as passwords.

Unlike audit logging, the amount of information in the debug log is
not controlled by the global log level in the console. Instead, debug logging
is controlled by the Log.properties file located in the resources/ directory. The primary settings that can be changed in
this file are the log levels. The log levels for debug logging behave identically
to the settings for the audit logs but give more fine-grained control.

The com.sun.directory.wps.logging.debugLogger.loggerLevel =
FINE line in Log.properties sets the default
log level to FINE, but individual components change the
log level to increase or decrease the default amount of logging. In general,
the defaults provided in this file will produce an adequate amount of debug
logging without populating the log with unnecessary information.

The following table summarizes the component-level debug log levels.
In the Component column, com.sun.directory.wps.logging.DebugLogger.prefix is implied:

Table C–1 Component-Level
Debug Log Levels

Component

Type of Logging

Log.properties Level

accessor.level

Interaction with directory sources for detecting and applying changes,
which is useful when problems accessing a directory source need to be diagnosed.

FINER

accessor.saint.level

Communication between the connector and the subcomponents.

FINE (if not specified, inherits from accessor.level)

controller.level

Processing that occurs within the controller, including determining
membership in an SUL and interaction with the object cache.

FINER

agent.level

Processing that occurs within the agent, including mapping attributes,
sending messages over Message Queue, and receiving messages from Message Queue.

FINER

agentout.level

Processing that occurs within the agent on actions that are received
from Message Queue.